Notices by Soatok Dreamseeker (soatok@furry.engineer)

@cloudhop No but I can raise you a Hackers (1995) reference

https://youtu.be/hTekDcdtVcg

@NafiTheBear I dunno, maybe.

The devil's in the details on that one.

@SwiftOnSecurity I don't even know which crowdstrike thing this is meant to callback to

@l4p1n @Bwee

@the1goit I really should commission more art, shouldn't I?

Do you have an opinion on Delta Chat?

https://soatok.blog/encrypted-messaging-apps/

Do you have an opinion on SimpleX?

https://soatok.blog/encrypted-messaging-apps/

Do you have an opinion on Olvid?

https://soatok.blog/encrypted-messaging-apps/

Do you--

Please stop.

@action_jay @patterfloof @mkj @rawenwolf But of course I do draw some hard lines: I don't use my fursona to promote anything, and I don't talk about my professional stuff on my blog.

@action_jay @patterfloof @mkj @rawenwolf I think this is good in general.

I'm a bit weird in that, I will go to work events in fursuit and take selfies with the executives and management.

I figure if someone closeted sees me being free to do this, without negative ramifications, they'll be less anxious about their work environment.

@arrjay @da_667 Finally a sequel to http.cat

@soatok we've already done SHA1 fingerprint collisions, but I guess that was for ASN.1 certs and not PGP keys.

@soatok correction: it was for PDF files: https://shattered.io/

@xssfox lmao

@sophieschmieg Full fingerprints (since it's SHA1) might be more fun!

I had to tap the sign, again.

The sign: https://soatok.blog/2024/07/02/my-furry-blog-is-not-an-opportunity-to-develop-your-brand/

@49016 lmao no I didn't even bother to look because it's so fucking trivial

@growse I have upofadown blocked on most forums because of their immensely stupid takes.

But I cannot block Hacker News users, so, I do this instead.

Practical Collision Attack Against Long Key IDs in PGP

In response to the GPG.Fail attacks, a Hacker News user made this claim about the 64-bit "Long Key IDs" used by OpenPGP and GnuPG, while responding to an answer I gave to someone else's question: OK, to be clear, I am specifically contending that a key fingerprint does not include collisions. My proof is empirical, that no one has come up with an attack on 64 bit PGP key fingerprints.

http://soatok.blog/2026/01/07/practical-collision-attack-against-long-key-ids-in-pgp/

@david_chisnall @olivetree They had a Trail of Bits audit at the end of 2024: https://github.com/simplex-chat/simplex-chat/blob/stable/docs/SimpleX_Design_Review_2024_Summary_Report_12_08_2024.pdf

The findings were all medium at worst. That inspires some confidence.

@david_chisnall
Given this, why is the phone number requirement for Signal dismissed as not important?
Is there proof that metadata can't be leaked/stolen?
@soatok

@kkarhan Cool story